Secure mobile affirmative consent management

ABSTRACT

A method, system and computer program product for secure mobile affirmative consent management is provided and includes receiving from a requesting individual a request to manage affirmative consent with a different individual. In response, the requesting individual is prompted to specify a self-assessed indication of sobriety and a sobriety test is administered to the requesting individual and a performance scored. The scored performance is compared with a pre-stored typical performance for individuals having a same self-assessed indication and the self-assessed indication is validated based upon the comparison. A payload is received from the different individual, and combined with data identifying the requesting individual, and including the validated self-assessed indication. Finally, the combination is stored in remote storage.

BACKGROUND OF THE INVENTION

Field of the Invention

The present invention relates to electronic contracting and more particularly to affirmative consent contract management in a mobile device.

Description of the Related Art

Affirmative consent refers to the movement in which two individuals choose not to engage in intimate relations absent the affirmative consent to do so by each of the individuals. Previously, it had been customary for two individuals to choose not to engage in intimate relations upon one of the individuals affirmatively objecting to intimate relations. But, recent disputes at various academic institutions have called into question the wisdom of any individual engaging in an intimate act with another without first having received affirmative consent. To wit, in some governmental jurisdictions, affirmative consent is now statutory in so far as in some circumstances, the eligibility of an academic institution to receive governmental funding rests upon the institution adopting an affirmative consent policy for its students.

Affirmative consent, while intellectually a simple enough concept, in practice is substantially more challenging. In this regard, the fast pace at which an intimate relationship between two individuals arises oftentimes does not permit the opportunity for the individuals to pause and discuss the prospective intimate acts and to memorialize affirmative consent in a way so as to subsequently be reliable—particularly in a judicial, academic disciplinary, or law enforcement setting. Addressing the real world challenges to the contemporaneous memorialization of affirmative consent, a handful of mobile computing applications have been developed.

One such application relies upon the audio and video capture of both individuals providing consent to one another to engage in intimate relations. Once a face is detected, irrespective of the identity associated with the detected face, the video and audio are encrypted using local encryption on the mobile device and thereafter stored on the mobile device and eventually uploaded to a central repository wherein the encrypted video is encrypted again and stored for a multi-year period. However, in an era of constant data security lapses, maintaining a centralized repository of video of individuals agreeing to engage in intimate acts is only a mouse click away from mass publication. Further, prior to the uploading of the video imagery to the centralized repository, the possessor of the mobile device is free to publish the video to others without the consent of the other individual appearing in the video and consenting to engage in intimate relations.

Of note, it is apparent that merely consenting to intimate relations on camera is not sufficient for affirmative consent where the consenting individuals lack the capacity to consent. In this regard, it is widely understood that in the campus setting, consenting young adults may experience some degree of intoxication prior to seeking the affirmative consent of another individual for an intimate encounter. Legally, no person has the capacity to consent to intimate relations when that person is intoxicated. Thus, even if video imagery is acquired of an individual affirmatively consenting to an intimate encounter, if that individual is not sober, no consent will have been possible thereby defeating the intent of the consent mobile application.

Recognizing the inherent deficiency of consent applications lacking a confirmation of sobriety, a short-lived mobile application relied upon the manual specification of consent in a user interface of the application in the mobile device along with a self-assessment of sobriety. Were an individual seeking or providing affirmative consent to have indicated a degree of intoxication, no affirmative consent is permitted and the mobile application blocks subsequent attempts to record affirmative consent. Of course, the same data privacy concerns existed in this instance as before. More importantly, an intoxicated person is not a reliable judge of one's own degree of intoxication making the resultant recordation of affirmative consent highly unreliable. For both reasons, this particular mobile application survived only days of distribution before being retracted from the marketplace.

BRIEF SUMMARY OF THE INVENTION

Embodiments of the present invention address deficiencies of the art in respect to mobile management of affirmative consent and provide a novel and non-obvious method, system and computer program product for secure mobile affirmative consent management. In an embodiment of the invention, a secure mobile affirmative consent management method includes receiving from a requesting individual in a user interface to a mobile consent management application executing in memory of a mobile computing device, a request to manage affirmative consent with a different individual. In response, the requesting individual is prompted through the user interface to specify a self-assessed indication of sobriety. Thereafter, a sobriety test of the requesting individual is executed in the user interface and a performance of the requesting individual scored with respect to the sobriety test.

The scored performance is compared with a pre-stored typical performance for individuals having a same self-assessed indication of sobriety and the self-assessed indication of sobriety of the requesting individual is validated based upon the comparison. If the validation reflects a threshold level of sobriety, an asymmetrically encrypted payload is received in the device from the different individual, and is combined with data specifying an identity of the requesting individual, the validated self-assessed indication, and the self-assessed indication of sobriety. Finally, the combination is asymmetrically encrypted, and then further encrypted with an encryption key associated with remote storage to produce a triple encrypted package before being stored in the remote storage separate from a mobile device of either the requesting individual and the different individual.

In one aspect of the embodiment, the asymmetrically encrypted payloadreceived from the different individual is asymmetrically encrypted usinga public key of the different individual and is decryptable thereforeusing only a private key of the different individual. Further, thecombination is asymmetrically encrypted using a public key of therequesting individual such that the asymmetrically encrypted combinationis decryptable therefore using only a private key of the requestingindividual. In yet another aspect of the embodiment, the encryption keyassociated with remote storage is a symmetric key retrieved inconnection with the remote storage.

In a further aspect of the embodiment, the validating of the self-assessed indication of sobriety includes changing the self-assessed indication of sobriety to a different self-assessed indication of sobriety in response to a determination during the comparison that the scored performance differs from the pre-stored typical performance by a threshold amount. In this regard, the pre-stored typical performance for individuals having a same self-assessed indication of sobriety are pre-stored in a table disposed in persistent storage of the mobile computing device and updated on a periodic basis.

Finally, in even yet another aspect of the embodiment, a request to retrieve affirmative consent information pertaining to an event specified to have occurred in connection with a particular time of year is received in a server coupled to the fixed storage. In response, a set of all triple encrypted packages stored within a threshold period of time from the particular time of year is retrieved from the fixed storage and each of the triple encrypted packages decrypted using a decryption key associated with the remote storage. Thereafter, brute-force decryption is attempted upon the set using private keys for each of the requesting individual and the different individual. Consequently, two unencrypted sets of data resulting from the brute-force decryption are stored in memory of the server, in so far as the two unencrypted sets reflect the affirmative consent in response to the request.

In another embodiment of the invention, a mobile computing device is configured for secure mobile affirmative consent management. The device includes memory and at least one processor, and a display driven by the processor. The device also includes fixed storage storing data accessible by the processor and also a unique identifier of the mobile computing device. For instance, the unique identifier is a media access control (MAC) address of the mobile computing device. The device yet further includes an asymmetric key pair stored in the fixed storage. Finally, the device includes a secure mobile affirmative consent management module executing in the memory of the mobile computing device.

The module includes program code enabled during execution to receive from a requesting individual in a user interface to the mobile affirmative consent management module a request to manage affirmative consent with a different individual, and to respond to the request by prompting the requesting individual through the user interface to specify a self-assessed indication of sobriety, to execute a sobriety test of the requesting individual by one or more of the processors of the device in the user interface and to score a performance of the requesting individual for the sobriety test, to compare by the processor of the device the scored performance with a pre-stored typical performance for individuals having a same self-assessed indication of sobriety, to validate in the application the self-assessed indication of sobriety of the requesting individual based upon the comparison, and to respond to a validation of the self-assessed indication as reflecting a threshold level of sobriety by receiving in the device an asymmetrically encrypted payload from the different individual, combining in memory of the device the asymmetrically encrypted payload with data including the unique identifier, the validated self-assessed indication, and the self-assessed indication of sobriety, asymmetrically encrypting the combination, and uploading the asymmetrically encrypted combination to remote storage.

In one aspect of the embodiment, the asymmetrically encrypted combination is further encrypted by the program code prior to uploading with an encryption key associated with the remote storage in order to produce a triple encrypted package. In another aspect of the embodiment, the validation includes changing the self-assessed indication of sobriety to a different self-assessed indication of sobriety in response to a determination during the comparison that the scored performance differs from the pre-stored typical performance by a threshold amount. In yet another aspect of the embodiment, a quick response (QR) code scanner executes in the memory of the device, such that the asymmetrically encrypted payload is encoded in a quick response (QR) code scanned by the device and decoded with the QR code scanner.

Additional aspects of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The aspects of the invention will be realized and attained by means of the elements and combinations particularly pointed out in the appended claims. It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

The accompanying drawings, which are incorporated in and constitute part of this specification, illustrate embodiments of the invention and together with the description, serve to explain the principles of the invention. The embodiments illustrated herein are presently preferred, it being understood, however, that the invention is not limited to the precise arrangements and instrumentalities shown, wherein:

FIG. 1 is a pictorial illustration of a process for secure mobile affirmative consent management;

FIG. 2 is a schematic illustration of a mobile computing data processing system configured for secure mobile affirmative consent management;

FIG. 3 is a pictorial illustration of a sequence of screen shots presented during secure mobile affirmative consent acquisition;

FIG. 4A is a flow chart illustrating a process for acquiring secure mobile affirmative consent; and,

FIG. 4B is a flow chart illustrating a process for retrieving secure mobile affirmative consent.

DETAILED DESCRIPTION OF THE INVENTION

Embodiments of the invention provide for secure mobile affirmative consent management. In accordance with an embodiment of the invention, within a mobile affirmative consent application, in response to a request to memorialize affirmative consent amongst two different individuals, a self-assessed degree of sobriety is received for each of the individuals through respectively different user interfaces to the application in respectively different mobile computing devices. Thereafter, a brief sobriety test is administered to each of the individuals through the different user interfaces and a performance score for the tests recorded by the respectively different mobile devices.

The self-assessed degree of sobriety for each of the individuals is then validated as an actual degree of sobriety, or changed as necessary to an actual degree of sobriety, based upon a corresponding one of the performance scores and a typical performance score for others of the same self-assessed degree of sobriety. To the extent that the individuals are considered to lack a requisite degree of sobriety, no affirmative consent is recorded. However, if a requisite degree of sobriety is determined to exist with respect to both individuals, for each of the individuals, a corresponding identity, actual degree of sobriety, self-assessed degree of sobriety, performance score are packaged into an affirmative consent payload, asymmetrically encrypted and transmitted to the mobile device of the other individual.

Each individual receiving the encrypted payload of the other combines the packaged affirmative consent payload with the asymmetrically encrypted payload and asymmetrically encrypts the combination. Finally, for each of the individuals, the encrypted combination is again queued for uploading over a network to a centralized repository and the encrypted combination is again encrypted using an encryption key of the centralized repository. As such, the again encrypted combination is stored as a triple-encrypted package in connection with a time and date of receipt.

Subsequently, when proof of affirmative consent for an intimate encounter occurring on a particular date is desired, a set of all triple-encrypted packages received within a threshold period of time of the particular date are retrieved and initially decrypted using the encryption key for the centralized repository. Thereafter, brute-force decryption is attempted on the decrypted packages using the decryption keys of both individuals so that only the encrypted combinations having been asymmetrically encrypted in connection with the decryption keys will decrypt. In this way, the triple-encrypted packages are both stored and retrieved without regard to the identity of the individuals and are able to be retrieved only with three separately held decryption keys so that guaranteed data security remains present throughout the process.

In further illustration, FIG. 1 pictorially shows a process for secure mobile affirmative consent management. As shown in FIG. 1, a pair of individuals can seek affirmative consent from one another through the use of respectively different mobile devices 100A, 100B in which respectively different instances of affirmative consent logic 170 executes. In response to a request by each end user, the affirmative consent logic 170 can prompt each respective end user to provide a self-assessment 110A, 110B of a mental and physical capacity to affirmatively consent. As a component of capacity, sobriety is a natural consideration. Consequently, the affirmative consent logic 170 presents to each one of the end users, one of a selection of different sobriety games 120. In this regard, the sobriety games each are time limited, dexterity tests presented in a corresponding display of the mobile devices 100A, 100B in which the reaction time and reaction accuracy of an end user are measured as a game score 130A, 130B in connection with a series of automated prompts. Examples include presenting a series of icons on a display at different random positions and measuring how quickly and how accurately an end user can touch the position of each of the presented icons. Other examples include how quickly and how accurately an end user can type an answer to a simplistic question, or how quickly and how accurately an end user can spell a presented word backwards.

Of note, once a game score 130A, 130B is computed for each of the end users in response to each of the end users completing a presented one of the sobriety games 120, the game score 130A, 130B of each of the end users is compared to a typical game score for other end users having a comparable self-assessment. The comparison is used to determine whether or not the self-assessment 110A, 110B of each end user is accurate. For instance, if a game score 130A, 130B of an end user with a corresponding self-assessment 110A, 110B deviates from an average game score for all other end users also specifying an equivalent game score by more than a threshold value, the self-assessment 110A, 110B of the corresponding one of the end users is modified into an adjusted self-assessment 140A, 140B associated with an average game score of other end users closer to equivalency to the actual game score 130A, 130B of the corresponding one of the end users.

Once an adjusted self-assessment 140A, 140B is computed for each of the end users in each of the mobile devices 100A, 110B by affirmative consent logic 170, the affirmative consent logic 170 combines for each end user, identifying information such as a MAC address of a corresponding one of the mobile devices 100A, 100B, the game score 130A, 130B, self-assessment 110A, 110B and adjusted self-assessment 140A into a payload 150A, 150B which is then encrypted using a corresponding public key 160A, 160B of the end user so as to produce a single asymmetrically encrypted payload 170A, 170B. The single asymmetrically encrypted payload 170A, 170B of each end user is then exchanged between the mobile devices 100A, 100B, for instance through wireless data communications such as short range radio frequency communications, or by optically scanning respective bar codes of the other, each of the bar codes encoding a corresponding one of the single asymmetrically encrypted payloads 170A, 170B.

Once the single asymmetrically encrypted payload 170A, 170B of the other of the end users is received by affirmative consent logic 170 of a corresponding one of the end users, the received one of the single asymmetrically encrypted payloads 170A, 170B is combined with the previously generated payload 150A, 150B and encrypted again using a corresponding public key 160A, 160B of the end user so as to produce a doubly asymmetrically encrypted combination 180A, 180B. Thereafter, each of the doubly asymmetrically encrypted combinations 180A, 180B are encrypted once again using a symmetric key 105 provided by remote storage 195 so as to produce a triple encrypted package 190A, 190B. Finally, each of the triple encrypted packages 190A, 190B are uploaded from a respective one of the mobile devices 100A, 100B to remote storage 195. Consequently, the game score 130A, 130B, self-assessment 110A, 110B and adjusted self-assessment 140A, 140B for each of the end users, representative of the affirmative consent of each of the end users, can be retrieved only with the possession of a private key of each end user for a corresponding one of the public keys 160A, 160B as well as the symmetric key 105.

The process described in connection with FIG. 1 is implemented in a mobile computing data processing system. In further illustration, FIG. 2 schematically shows a mobile computing data processing system configured for secure mobile affirmative consent management. The system includes a mobile device 200. The mobile device 200 is defined by a processor 210, memory 220, a display 230 and fixed storage 240 such as solid state memory or a fixed disk drive. Data communications circuitry 250 also is provided as is a digital camera 260. The foregoing is a common arrangement of components of a mobile computing device, as will be recognized by one of skill in the art, so as to permit the execution of an operating system 270 in the memory 220 by the processor 210 of the mobile device 200.

An affirmative consent module 300 is hosted within the operating system 270. The affirmative consent module 300 includes program code that when executed in the memory 220 by the processor 210, is enabled to respond to a request for affirmative consent by prompting in the display 230 for a self-assessment of sobriety, by presenting in the display 230 one of a selection of sobriety tests 280, by computing a score for the selected one of the sobriety tests 280, by comparing the computed score to test metrics 275 disposed in fixed storage 240, by adjusting the self-assessment according to the comparison, by generating a payload of the adjusted self-assessment and game score along with a MAC address of the mobile device 200, by encrypting the payload using a public key within an asymmetric key pair 285 disposed in fixed storage 240, by encoding the encrypted payload into a QR code and displaying the QR code in the display 230, by photographing a QR code displayed on a display of a different mobile device, by decoding the QR code using QR code scanner 290 and combining the decrypted QR code with the payload and encrypting the combination with the public key, by encrypting again the encrypted combination with a symmetric key in memory 220 to produce a triple encrypted package, and by transmitting the triple encrypted package to remote storage.

Of note, the affirmative consent logic 300 is configured to present a number of display screens in the display 230 in the course of secure mobile affirmative consent acquisition. In yet further illustration, FIG. 3 pictorially shows a sequence of screen shots presented in a mobile device to an end user during secure mobile affirmative consent acquisition. As shown in FIG. 3, the end user is prompted in a first screen 310 to provide a self-assessment. A number of different levels of sobriety can be suggested as part of the self-assessment though only three are shown in FIG. 3 for the purpose of illustrative simplicity. Thereafter, one of a selection of different sobriety games are presented in screen 320 and a score is computed for the end user based upon a performance of the end user in the sobriety game.

Optionally, based upon the computed score, the self-assessment is adjusted and a payload generated including identity data, the self-assessment and the game score, the payload then being encrypted. In screen 330, a QR code is generated that encodes the encrypted payload and the QR code is displayed for scanning for a different end user using a different mobile device. Likewise, in screen 340, the QR code of the different end user is scanned from the different device and decoded so as to supply an asymmetrically encrypted payload of the different end user. Thereafter, the payload of the end user is combined with the encrypted payload of the different end user and encrypted twice more before being transmitted to remote storage.

In even yet further illustration of the operation of the affirmative consent module 300 of FIG. 2, FIG. 4A is a flow chart illustrating a process for acquiring secure mobile affirmative consent in an affirmative consent application executing in the memory of a mobile device. Beginning in block 405, in response to a request to document affirmative consent, a self-assessment is received for the end user and in block 410 a public key for the end user is loaded into memory. In decision block 415, it is determined whether or not the self-assessment presents a threshold degree of sobriety requisite to provide affirmative consent. If not, in block 505 the request is rejected. Otherwise, the process continues in block 420.

In block 420, a sobriety test is selected from amongst a selection of sobriety tests and administered to the end user. In block 430, a score is computed for the end user performing the sobriety test. As but one example, a time required for an end user to respond to a prompt in the sobriety test is measured and weighted based upon an accuracy of the response. For instance, to the extent that the sobriety test is a test in which a different sequence of icons are displayed on the screen of the mobile device in random positions and the end user is instructed to touch the icon once presented, a time required to touch the screen is measured as well as a distance from the position of the icon. The time and distance are combined into a single value, for instance by multiplication, and summed with other combinations for other icon presentations to produce a composite score. A lower value indicates a higher degree of performance with the end user touching the display in response to the presentation of an icon on the display more quickly and with greater accuracy.

The single value along with the self-assessment and game identifier is transmitted to a remote server that captures the combination of data without identifying information of the end user for use in computing an average score with other values produced by other end users to whom the game had been administered and from whom a common self-assessment had been established. Ultimately, a table of average scores for each game and each self-assessment is produced for all end users. The average score for each game and self-assessment value then is stored in each mobile device of each end user in the form of a table of average scores and standard deviations for each value of self-assessment and updated by the remote server periodically on each mobile device.

Consequently, in block 430, the computed score is then compared to the average score for the other end users of a same self-assessment who had previously been administered the same sobriety test. If the computed score differs from the average score by more than a threshold amount, for instance by more than one or two standard deviations away from the average score, the self-assessment is adjusted to a new self-assessment value that has an average score closer in value to the computed score. Subsequently, in decision block 435 it is determined whether or not the adjusted self-assessment still presents a threshold degree of sobriety requisite to provide affirmative consent. If not, in block 505 the request is rejected. Otherwise, the process continues in block 440. Optionally, even if in block 435 the adjusted self-assessment does not present a threshold degree of sobriety requisite to provide affirmative consent, the process may continue to block 440 so as to record the attempt for affirmative consent nonetheless.
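The scoring and validation of blocks 415 through 435, as an added Go example that is not code from the specification. The type and function names, the level labels and the table figures are constructed for illustration, and the table is assumed to be ordered from most to least sober.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// Touch is one icon presentation: time to touch and distance from the icon.
type Touch struct{ Seconds, Pixels float64 }

// Norm is one row of the on-device table for a single game, ordered from most
// to least sober. The figures used in main are constructed, not real norms.
type Norm struct {
	Level     string
	Mean, Std float64
}

// Composite multiplies time by distance for each prompt and sums the products.
// Lower is better. A dead-centre touch contributes 0 however slow it was, a
// consequence of combining the two measurements by multiplication.
func Composite(ts []Touch) float64 {
	var sum float64
	for _, t := range ts {
		sum += t.Seconds * t.Pixels
	}
	return sum
}

// find returns the row index of level, or -1 when the table has no such row.
func find(table []Norm, level string) int {
	for i, n := range table {
		if n.Level == level {
			return i
		}
	}
	return -1
}

// Validate keeps the claimed level if score is within k standard deviations of
// that level's mean; otherwise it returns the level whose mean is nearest.
func Validate(table []Norm, claimed string, score, k float64) (string, error) {
	i := find(table, claimed)
	if i < 0 {
		return "", errors.New("unknown self-assessment level")
	}
	if math.Abs(score-table[i].Mean) <= k*table[i].Std {
		return claimed, nil
	}
	best := i
	for j, n := range table {
		if math.Abs(score-n.Mean) < math.Abs(score-table[best].Mean) {
			best = j
		}
	}
	return table[best].Level, nil
}

// Decide applies both gates: the claimed level (block 415) and the adjusted
// level (block 435) must each be at or above the threshold row.
func Decide(table []Norm, claimed, threshold string, ts []Touch, k float64) (string, bool, error) {
	limit := find(table, threshold)
	if limit < 0 {
		return "", false, errors.New("unknown threshold level")
	}
	if find(table, claimed) > limit {
		return claimed, false, nil // rejected before any test is run
	}
	adjusted, err := Validate(table, claimed, Composite(ts), k)
	if err != nil {
		return "", false, err
	}
	return adjusted, find(table, adjusted) <= limit, nil
}

func main() {
	table := []Norm{{"sober", 12, 4}, {"tipsy", 30, 8}, {"impaired", 70, 20}}
	slow := []Touch{{1.5, 20}, {1.0, 25}, {2.0, 10}} // composite score 75
	fmt.Println(Decide(table, "sober", "sober", slow, 2))
}
```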

In block 440, a payload is packaged to include a MAC identifier for the mobile device, the self-assessment (original or adjusted or both), and a time and/or date stamp to indicate when the affirmative consent had been recorded. In block 445, the payload is then asymmetrically encrypted using the public key in memory and in block 450 the asymmetrically encrypted payload is transmitted to a different mobile device of a different end user participating in the recordation of the affirmative consent. Likewise, in block 455 an encrypted payload is received in the mobile device from the different end user and in block 460 the received encrypted payload is combined with the packaged payload and encrypted using the public key in block 465. Finally, in block 470 a symmetric key for remote storage is retrieved from memory and used in block 475 to encrypt the encrypted combination to produce a triple encrypted package.

In block 480, the triple encrypted package is queued for transmission to remote storage, either by way of e-mail, text message, file transfer protocol (FTP) or direct communications with the remote storage. In block 485, the triple encrypted package is also stored in a cache in the mobile device that is separate from the affirmative consent application. In decision block 490, it is determined whether or not the triple encrypted package has been successfully transmitted. If so, the triple encrypted package is deleted from the cache in block 495. Of note, at startup, and periodically thereafter, the cache is inspected to determine if any triple encrypted packages are present. If so, those packages that are present are transmitted. In this way, even if the affirmative consent application is deleted from the mobile device before a triple encrypted package is able to be transmitted to remote storage, upon re-installation of the affirmative consent application, any triple encrypted packages remaining in the cache are transmitted to remote storage.

Once it is required to retrieve affirmative consent for two different end users, the affirmative consent can be retrieved through the use of private keys for each of the end users and a symmetric key of the remote storage. In even yet further illustration, FIG. 4B is a flow chart illustrating a process for retrieving secure mobile affirmative consent. Beginning in block 510, a request for discovery and retrieval of affirmative consent is received in a computer coupled to the remote storage. In block 515, the private key of each end user is received in memory and in block 520 a date target is provided in memory for when respectively different triple encrypted packages had been received from the end users. As such, in block 525 a date range is then computed based upon the target date.

In block 530, all triple encrypted payloads present in remote storage that had been received within the date range are retrieved in memory and decrypted using the symmetric key of the remote storage and in block 535 to produce a set of doubly encrypted payloads, a first one of the doubly encrypted payloads is loaded for processing. In block 540, a brute force attempt at decrypting the first doubly encrypted payload with each of the private keys is performed. The brute force attempt includes, as an example, utilizing each of the private keys so as to see if either is able to decrypt the first double encrypted payload so as to reveal data pertaining to a MAC identifier for a mobile device, a self-assessment (original or adjusted or both), a time and/or date stamp to indicate when the affirmative consent had been recorded and a singly encrypted payload to which the other of the private keys is applied so as to reveal the remaining affirmative consent data. In decision block 545, if the brute force attempt is unsuccessful, if it is determined in decision block 550 that more doubly encrypted payloads remain to be processed, in block 555 a next one of the doubly encrypted payloads is loaded for processing and the brute force decryption is attempted again in block 540. In decision block 550, if no more doubly encrypted payloads remain to be brute force decrypted, the process ends in block 560 with an error condition. Otherwise, both now fully decrypted payloads are displayed as representative of the affirmative consent of both end users without having to have stored the affirmative consent of both end users in connection with any identifying information for either end user and while ensuring that no one end user can reveal the affirmative consent of the other without the cooperation of the other end user.
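The three-layer packaging of blocks 440 through 475 and the trial-decryption lookup of FIG. 4B, as an added Go example that is not code from the specification. It assumes a hybrid envelope for each asymmetric layer (RSA-OAEP wrapping a per-message AES-256-GCM key) and AES-256-GCM for the storage layer, so that a wrong key shows up as a failed authentication check; all names, MAC values and the envelope layout are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Consent is one device's record; Combination is what it seals to its own key.
type Consent struct{ MAC, SelfAssessed, Adjusted, Stamp string }
type Combination struct{ Own Consent; Peer []byte }

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func newKey() *rsa.PrivateKey { // throwaway demo key; real keys stay on each device
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func gcm(key []byte) cipher.AEAD { // key must be 32 bytes; untrusted keys are length-checked first
	blk, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	g, _ := cipher.NewGCM(blk) // cannot fail for an AES block cipher
	return g
}

func gcmSeal(key, pt []byte) []byte {
	nonce := randBytes(12) // standard GCM nonce, prepended to the ciphertext
	return gcm(key).Seal(nonce, nonce, pt, nil)
}

func gcmOpen(key, ct []byte) ([]byte, error) {
	if len(ct) < 12 {
		return nil, errors.New("short ciphertext")
	}
	return gcm(key).Open(nil, ct[:12], ct[12:], nil)
}

// sealTo (assumed envelope): RSA-OAEP wraps a fresh AES key, AES-GCM carries v as JSON.
func sealTo(pub *rsa.PublicKey, v interface{}) ([]byte, error) {
	pt, _ := json.Marshal(v) // only called with Consent or Combination, which always marshal
	k := randBytes(32)
	wk, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, k, nil)
	return append(wk, gcmSeal(k, pt)...), err
}

func openWith(priv *rsa.PrivateKey, blob []byte, out interface{}) error {
	n := priv.Size()
	if len(blob) < n {
		return errors.New("short envelope")
	}
	k, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, blob[:n], nil)
	if err != nil || len(k) != 32 {
		return errors.New("not sealed to this key") // a wrong key fails here, it never yields garbage
	}
	pt, err := gcmOpen(k, blob[n:])
	if err != nil {
		return err
	}
	return json.Unmarshal(pt, out)
}

// retrieve strips the storage layer, then tries the two private keys in both orders.
func retrieve(pkgs [][]byte, storageKey []byte, k1, k2 *rsa.PrivateKey) (Consent, Consent, error) {
	for _, p := range pkgs {
		dbl, _ := gcmOpen(storageKey, p) // nil on failure, which openWith rejects as too short
		for _, ks := range [][2]*rsa.PrivateKey{{k1, k2}, {k2, k1}} {
			c, peer := Combination{}, Consent{}
			if openWith(ks[0], dbl, &c) == nil && openWith(ks[1], c.Peer, &peer) == nil {
				return c.Own, peer, nil
			}
		}
	}
	return Consent{}, Consent{}, errors.New("no package opens with both keys")
}

func main() {
	a, b, sk := newKey(), newKey(), randBytes(32)
	blobB, _ := sealTo(&b.PublicKey, Consent{MAC: "02:00:00:00:00:0b", Adjusted: "sober"})
	dblA, _ := sealTo(&a.PublicKey, Combination{Consent{MAC: "02:00:00:00:00:0a", Adjusted: "sober"}, blobB})
	fmt.Println(retrieve([][]byte{gcmSeal(sk, dblA)}, sk, b, a))
}
```

The stored packages carry no cleartext identifier, so the lookup cost grows with the number of packages inside the date range, and a result is returned only when both private keys are supplied.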

The present invention may be embodied within a system, a method, a computer program product or any combination thereof. The computer program product may include a computer readable storage medium or media having computer readable program instructions thereon for causing a processor to carry out aspects of the present invention. The computer readable storage medium is a tangible device that excludes transitory media, and can retain and store instructions for use by an instruction execution device. The computer readable storage medium may be, for example, but is not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing.

A non-exhaustive list of more specific examples of the computer readable storage medium includes the following: a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), a static random access memory (SRAM), a portable compact disc read-only memory (CD-ROM), a digital versatile disk (DVD), a memory stick, a floppy disk, a mechanically encoded device such as punch-cards or raised structures in a groove having instructions recorded thereon, and any suitable combination of the foregoing. A computer readable storage medium, as used herein, is not to be construed as being transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission media (e.g., light pulses passing through a fiber-optic cable), or electrical signals transmitted through a wire.

Computer readable program instructions described herein can be downloaded to respective computing/processing devices from a computer readable storage medium or to an external computer or external storage device via a network, for example, the Internet, a local area network, a wide area network and/or a wireless network. The network may comprise copper transmission cables, optical transmission fibers, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers. A network adapter card or network interface in each computing/processing device receives computer readable program instructions from the network and forwards the computer readable program instructions for storage in a computer readable storage medium within the respective computing/processing device.

Computer readable program instructions for carrying out operations of the present invention may be assembler instructions, instruction-set-architecture (ISA) instructions, machine instructions, machine dependent instructions, microcode, firmware instructions, state-setting data, or either source code or object code written in any combination of one or more programming languages, including an object oriented programming language, and conventional procedural programming languages. The computer readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network. In some embodiments, electronic circuitry including, for example, programmable logic circuitry, field-programmable gate arrays (FPGA), or programmable logic arrays (PLA) may execute the computer readable program instructions by utilizing state information of the computer readable program instructions to personalize the electronic circuitry, in order to perform aspects of the present invention.

Aspects of the present invention are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer readable program instructions. These computer readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer readable program instructions may also be stored in a computer readable storage medium that can direct a computer, a programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer readable storage medium having instructions stored therein comprises an article of manufacture including instructions which implement aspects of the function/act specified in the flowchart and/or block diagram block or blocks.

The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other device to cause a series of operational steps to be performed on the computer, other programmable apparatus or other device to produce a computer implemented process, such that the instructions which execute on the computer, other programmable apparatus, or other device implement the functions/acts specified in the flowchart and/or block diagram block or blocks.

The flowchart and block diagrams in the Figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts or carry out combinations of special purpose hardware and computer instructions.

Finally, the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the singular forms “a”, “an” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises” and/or “comprising,” when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.

The corresponding structures, materials, acts, and equivalents of all means or step plus function elements in the claims below are intended to include any structure, material, or act for performing the function in combination with other claimed elements as specifically claimed. The description of the present invention has been presented for purposes of illustration and description, but is not intended to be exhaustive or limited to the invention in the form disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the invention. The embodiment was chosen and described in order to best explain the principles of the invention and the practical application, and to enable others of ordinary skill in the art to understand the invention for various embodiments with various modifications as are suited to the particular use contemplated.

Having thus described the invention of the present application in detail and by reference to embodiments thereof, it will be apparent that modifications and variations are possible without departing from the scope of the invention defined in the appended claims as follows:

We claim:
1. A secure mobile affirmative consent management method comprising: receiving from a requesting individual in a user interface to a mobile consent management application executing in memory of a mobile computing device, a request to manage affirmative consent with a different individual, and responding to the request by prompting the requesting individual through the user interface to specify a self-assessed indication of sobriety; executing a sobriety test of the requesting individual by a processor of the device in the user interface and scoring a performance of the requesting individual for the sobriety test; comparing by the processor of the device the scored performance with a pre-stored typical performance for individuals having a same self-assessed indication of sobriety; validating in the application the self-assessed indication of sobriety of the requesting individual based upon the comparison; and, responsive to a validation of the self-assessed indication as reflecting a threshold level of sobriety, receiving in the device a payload from the different individual, combining in a package in memory of the device, the payload with data specifying an identity of the requesting individual and the validated self-assessed indication, and storing the package in remote storage separate from a mobile device of either the requesting individual and the different individual.
2. The method of claim 1, wherein the payload received from the different individual is asymmetrically encrypted with a public key of an asymmetric key pair of the different individual so as to be decryptable using a corresponding private key of the asymmetric key pair of the different individual, wherein the package is asymmetrically encrypted with a public key of an asymmetric key pair stored in the memory of the mobile computing device so as to be decryptable using a corresponding private key of the asymmetric key pair stored in the memory of the mobile computing device, and wherein the asymmetrically encrypted combination is encrypted with an encryption key associated with the remote storage to produce a triple encrypted package.
3. The method of claim 1, wherein the validating of the self-assessed indication of sobriety comprises changing the self-assessed indication of sobriety to a different self-assessed indication of sobriety in response to a determination during the comparison that the scored performance differs from the pre-stored typical performance by a threshold amount.
4. The method of claim 2, wherein the encryption key associated with remote storage is a symmetric key retrieved in connection with the remote storage.
5. The method of claim 1, wherein the pre-stored typical performance for individuals having a same self-assessed indication of sobriety are pre-stored in a table disposed in persistent storage of the mobile computing device and updated on a periodic basis.
6. The method of claim 2, further comprising: receiving in a server coupled to the fixed storage a request to retrieve affirmative consent information pertaining to an event specified to have occurred in connection with a particular time of year; retrieving from the fixed storage a set of all triple encrypted packages stored within a threshold period of time from the particular time of year; decrypting each of the triple encrypted packages using a decryption key associated with the remote storage; attempting brute-force decryption to the set using private keys for each of the requesting individual and the different individual; and, storing in memory of the server two unencrypted sets of data resulting from the brute-force decryption, the two unencrypted sets reflecting the affirmative consent in response to the request.
7. A mobile computing device configured for secure mobile affirmative consent management, the device comprising: memory and at least one processor, and a display driven by the processor; fixed storage storing data accessible by the processor and also a unique identifier of the mobile computing device; and, a secure mobile affirmative consent management module executing in the memory of the mobile computing device, the module comprising program code enabled during execution to receive from a requesting individual in a user interface to the mobile affirmative consent management module a request to manage affirmative consent with a different individual, and to respond to the request by prompting the requesting individual through the user interface to specify a self-assessed indication of sobriety, to execute a sobriety test of the requesting individual by one or more of the processors of the device in the user interface and to score a performance of the requesting individual for the sobriety test, to compare by the processor of the device the scored performance with a pre-stored typical performance for individuals having a same self-assessed indication of sobriety, to validate in the application the self-assessed indication of sobriety of the requesting individual based upon the comparison, and to respond to a validation of the self-assessed indication as reflecting a threshold level of sobriety by receiving in the device a payload from the different individual, combining into a package in memory of the device the payload with data including the unique identifier and the validated self-assessed indication and uploading the package to remote storage.
8. The system of claim 7, wherein the payload received from the different individual is asymmetrically encrypted with a public key of an asymmetric key pair of the different individual so as to be decryptable using a corresponding private key of the asymmetric key pair of the different individual, wherein the package is asymmetrically encrypted with a public key of an asymmetric key pair stored in the memory of the mobile computing device so as to be decryptable using a corresponding private key of the asymmetric key pair stored in the memory of the mobile computing device, and wherein the asymmetrically encrypted combination is encrypted with an encryption key associated with the remote storage to produce a triple encrypted package.
9. The system of claim 8, wherein the package is further encrypted by the program code prior to uploading with the encryption key in order to produce the triple encrypted package.
10. The system of claim 7, wherein the unique identifier is a media access control (MAC) address of the mobile computing device.
11. The system of claim 7, wherein the validation comprises changing the self-assessed indication of sobriety to a different self-assessed indication of sobriety in response to a determination during the comparison that the scored performance differs from the pre-stored typical performance by a threshold amount.
12. The system of claim 7, further comprising a quick response (QR) code scanner executing in the memory of the device, wherein the asymmetrically encrypted payload is encoded in a quick response (QR) code scanned by the device and decoded with the QR code scanner.
13. The system of claim 8, wherein the encryption key associated with remote storage is a symmetric key retrieved in connection with the remote storage.
14. The system of claim 7, wherein the pre-stored typical performance for individuals having a same self-assessed indication of sobriety are pre-stored in a table in fixed storage and updated from over a computer communications network on a periodic basis.
15. A computer program product for secure mobile affirmative consent management, the computer program product comprising a non-transitory computer readable storage medium having program instructions embodied therewith, the program instructions executable by a device to cause the device to perform a method comprising: receiving from a requesting individual in a user interface to a mobile consent management application executing in memory of a mobile computing device, a request to manage affirmative consent with a different individual, and responding to the request by prompting the requesting individual through the user interface to specify a self-assessed indication of sobriety; executing a sobriety test of the requesting individual by a processor of the device in the user interface and scoring a performance of the requesting individual for the sobriety test; comparing by the processor of the device the scored performance with a pre-stored typical performance for individuals having a same self-assessed indication of sobriety; validating in the application the self-assessed indication of sobriety of the requesting individual based upon the comparison; and, responsive to a validation of the self-assessed indication as reflecting a threshold level of sobriety, receiving in the device a payload from the different individual, combining in a package in memory of the device, the payload with data specifying an identity of the requesting individual and the validated self-assessed indication, and storing the package in remote storage separate from a mobile device of either the requesting individual and the different individual.
16. The computer program product of claim 15, wherein the payload received from the different individual is asymmetrically encrypted with a public key of an asymmetric key pair of the different individual so as to be decryptable using a corresponding private key of the asymmetric key pair of the different individual, wherein the package is asymmetrically encrypted with a public key of an asymmetric key pair stored in the memory of the mobile computing device so as to be decryptable using a corresponding private key of the asymmetric key pair stored in the memory of the mobile computing device, and wherein the asymmetrically encrypted combination is encrypted with an encryption key associated with the remote storage to produce a triple encrypted package.
17. The computer program product of claim 15, wherein the validating of the self-assessed indication of sobriety comprises changing the self-assessed indication of sobriety to a different self-assessed indication of sobriety in response to a determination during the comparison that the scored performance differs from the pre-stored typical performance by a threshold amount.
18. The computer program product of claim 16, wherein the encryption key associated with remote storage is a symmetric key retrieved in connection with the remote storage.
19. The computer program product of claim 15, wherein the pre-stored typical performance for individuals having a same self-assessed indication of sobriety are pre-stored in a table disposed in persistent storage of the mobile computing device and updated on a periodic basis.
20. The computer program product of claim 16, wherein the program instructions executable by the device cause the device to further perform: receiving in a server coupled to the fixed storage a request to retrieve affirmative consent information pertaining to an event specified to have occurred in connection with a particular time of year; retrieving from the fixed storage a set of all triple encrypted packages stored within a threshold period of time from the particular time of year; decrypting each of the triple encrypted packages using a decryption key associated with the remote storage; attempting brute-force decryption to the set using private keys for each of the requesting individual and the different individual; and, storing in memory of the server two unencrypted sets of data resulting from the brute-force decryption, the two unencrypted sets reflecting the affirmative consent in response to the request.